сервис_snortsam

Differences

This shows you the differences between two versions of the page.

сервис_snortsam [2015/06/03 11:09]
val
сервис_snortsam [2017/12/06 09:10] (current)
val [Ubuntu]
Line 1: Line 1:
 ====== Сервис SNORTSAM ====== ====== Сервис SNORTSAM ======
  
-[[http://​www.snortsam.net/​]] +  * [[http://​www.snortsam.net/​|Старый сайт]] 
 +  * [[https://​github.com/​firnsy/​barnyard2/​blob/​master/​doc/​README.snortsam|barnyard2 github snortsam]] 
 +  * [[https://​github.com/​blox-org/​snortsam|github blox snortsam]]
 ===== Установка пакета ===== ===== Установка пакета =====
  
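Review bot: The new link list names two different code sources (the barnyard2 README and the blox-org/snortsam repository) next to the old site, but does not say which of them the package in the install section that follows is built from. Add a word to each bullet on what it is for (documentation, source, archive), and note that the "Старый сайт" entry is a plain http link.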
Line 14: Line 15:
 </​code>​ </​code>​
  
-==== Ubuntu ​14.04 ====+==== Debian/Ubuntu ====
  
 Не поддерживается Не поддерживается
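Review bot: Renaming the heading from `Ubuntu 14.04` to `Debian/Ubuntu` turns "Не поддерживается" into a statement about every Debian and Ubuntu release. If that is the intent, add the reason (no package, does not build); otherwise keep the release that was actually checked in the heading.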
Line 40: Line 41:
  
 ==== ipfilter ==== ==== ipfilter ====
-<​code>​ 
-# touch /​etc/​ipf.rules 
  
-cat /​etc/​rc.conf +  * [[Сервис Firewall#FreeBSD ​ipfilter]]
-</​code><​code>​ +
-... +
-ipfilter_enable=yes +
-</​code><​code>​ +
-# /etc/rc.d/ipfilter ​start+
  
 +<​code>​
 # cat snortsam.conf # cat snortsam.conf
 </​code><​code>​ </​code><​code>​
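Review bot: With the inline steps removed (`ipfilter_enable=yes` in rc.conf and the ipfilter start), the ipfilter section no longer says that ipfilter has to be enabled and running before snortsam is pointed at it with `ipf em1`. Keep one sentence stating that prerequisite next to the link to [[Сервис Firewall#FreeBSD ipfilter]], so the section still works when read on its own and a reader does not end up with snortsam issuing blocks to a filter that was never started.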
Line 55: Line 50:
 ipf em1 ipf em1
 </​code>​ </​code>​
- 
 ==== ipfw2 ==== ==== ipfw2 ====
  
Line 95: Line 89:
 </​code><​code>​ </​code><​code>​
 ... ...
-# ciscoacl 192.168.X.1 ​student/tacacs ​cisco /​usr/​local/​etc/​snortsam/​snortsam.acl +# ciscoacl 192.168.X.1 ​user1/tpassword1 ​cisco /​usr/​local/​etc/​snortsam/​snortsam.acl 
-# ciscoacl 192.168.X.1 cisco cisco /​etc/​snortsam/​snortsam.acl+# ciscoacl 192.168.X.1 cisco cisco /usr/local/​etc/​snortsam/​snortsam.acl
 </​code>​ </​code>​
  
 ==== cisco router acl tftp ==== ==== cisco router acl tftp ====
  
-Настройка+=== Настройка ​===
 <​code>​ <​code>​
 server# cat /​tftpboot/​snortsam.acl server# cat /​tftpboot/​snortsam.acl
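Review bot: In the changed `ciscoacl` line the placeholder `user1/tpassword1` is ambiguous: it reads either as a typo for `password1` or as a separate kind of password, and nothing nearby names the fields. Spell out what each field is, and since this line puts router credentials into snortsam.conf in clear text, add a reminder that the file should be readable only by the account snortsam runs as.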
Line 116: Line 110:
  ​permit tcp any any established  ​permit tcp any any established
  ​deny ​  ip any any log  ​deny ​  ip any any log
 +end
 </​code><​code>​ </​code><​code>​
 server# cat snortsam.tftp server# cat snortsam.tftp
 </​code><​code>​ </​code><​code>​
-copy tftp://​192.168.X.1/ running-config+copy tftp://​192.168.X.10/ running-config
 </​code><​code>​ </​code><​code>​
 server# cat snortsam.conf server# cat snortsam.conf
 </​code><​code>​ </​code><​code>​
 ... ...
 +# ciscoacl 192.168.X.1 cisco cisco snortsam.acl|/​usr/​local/​etc/​snortsam/​snortsam.tftp
 # ciscoacl 192.168.X.1 student/​tacacs cisco snortsam.acl|/​usr/​local/​etc/​snortsam/​snortsam.tftp # ciscoacl 192.168.X.1 student/​tacacs cisco snortsam.acl|/​usr/​local/​etc/​snortsam/​snortsam.tftp
-# ciscoacl 192.168.X.1 student/​tacacs cisco snortsam.acl|/​etc/​snortsam/​snortsam.tftp 
-</​code><​code>​ 
-server# cd /tftpboot/ 
 </​code>​ </​code>​
  
-Запуск+=== Запуск ​===
  
 <​code>​ <​code>​
 +server# cd /tftpboot/
 +
 [server:/​tftpboot] # snortsam /​usr/​local/​etc/​snortsam/​snortsam.conf [server:/​tftpboot] # snortsam /​usr/​local/​etc/​snortsam/​snortsam.conf
 +
 +server# cat /​usr/​local/​etc/​rc.d/​snortsam
 +</​code><​code>​
 +...
 +cd /tftpboot/
 +
 +run_rc_command "​$1"​
 </​code>​ </​code>​
  
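Review bot: The corrected `copy tftp://192.168.X.10/ running-config` makes the router load its ACL from the server over TFTP, which has no authentication, and nothing in the setup steps limits who can reach the TFTP service or write /tftpboot/snortsam.acl. Add a line on restricting TFTP to the router's address and on the ownership of that file. Two smaller points: the kept `ciscoacl` line still uses `student/tacacs` while the previous section was changed to `user1/tpassword1`, and the `cd /tftpboot/` added to /usr/local/etc/rc.d/snortsam edits a package-installed script, so say that it has to be reapplied after an upgrade.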
Line 147: Line 149:
  
 <​code>​ <​code>​
-[server:~] # /​usr/​local/​etc/​rc.d/​snortsam rcvar+[server:~] # service ​snortsam rcvar
  
-[server:~] # /​usr/​local/​etc/​rc.d/​snortsam start+[server:~] # service ​snortsam start
 </​code>​ </​code>​
  
Line 155: Line 157:
 ===== Подключение Snort к Snortsam ===== ===== Подключение Snort к Snortsam =====
  
-  [[Сервис BARNYARD2]]+  ​[[Сервис BARNYARD2]]
сервис_snortsam.1433318966.txt.gz · Last modified: 2015/06/03 11:09 by val